Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can Someone Please Tell Me What Is Good/bad?


  • This topic is locked This topic is locked
12 replies to this topic

#1 volcomsocom

volcomsocom

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 27 September 2007 - 09:35 PM

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:59 PM, on 9/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Documents and Settings\Owner\My Documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\wvuvutu.dll
O2 - BHO: (no name) - {4AD81083-BF9A-4CAB-9F0D-97BD5C9E1579} - C:\WINDOWS\system32\jkkjj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7db56767-f849-41f8-a268-dbfdf4e269d7} - (no file)
O2 - BHO: 0 - {8094E49A-5C15-4886-8097-38586F7B25C7} - (no file)
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: (no name) - {9999E42A-EC8D-4847-8B2A-E6C4F1929EE9} - C:\WINDOWS\system32\DiskI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\syxelbdy.dll
O2 - BHO: (no name) - {FCCD224D-65E5-483C-BB72-DDDDC53DD90A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ylnnuxxe.dll",sitypnow
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146064302421
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\system32\jkkjj.dll
O20 - Winlogon Notify: wvuvutu - C:\WINDOWS\SYSTEM32\wvuvutu.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\auevxusg.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\rteprek.html

--
End of file - 10710 bytes


I already removed some things that I knew were bad. But I don't know what else is. Any help will be greatly appreciated.

BC AdBot (Login to Remove)

 


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 28 September 2007 - 05:11 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Before we begin, I'd like to ask you not to remove anything else by yourself, fixing the wrong things with HijackThis can seriously mess up your computer. Even if they look bad, the majority of entries in your log can be completely harmless, but by removing them this will cause some functions on your computer to not work properly.

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 volcomsocom

volcomsocom
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 28 September 2007 - 10:16 AM

Hi Charles, thanks for the quick reply! :thumbsup:

Ok, here is my VundoFix log:

VundoFix V6.5.9

Checking Java version...

Scan started at 9:47:48 AM 9/28/2007

Listing files found while scanning....

C:\windows\system32\ajxinccx.dll
C:\windows\system32\akurmwdj.ini
C:\windows\system32\bargeudw.dll
C:\windows\system32\bcvlxont.dll
C:\windows\system32\bwxrklwo.ini
C:\windows\system32\ckxnfulv.dll
C:\windows\system32\cpwwflju.ini
C:\windows\system32\cqyslbtw.dll
C:\windows\system32\djbnhwtw.ini
C:\windows\system32\dlspnopy.dll
C:\windows\system32\duspxhyx.ini
C:\windows\system32\dvqkusup.ini
C:\windows\system32\ehyykimu.dll
C:\windows\system32\eqrprevg.dll
C:\windows\system32\errqftmu.dll
C:\windows\system32\etslgquw.ini
C:\windows\system32\fcpdqbvs.dll
C:\windows\system32\fsqfhhqy.dll
C:\windows\system32\ftenlooy.ini
C:\windows\system32\fxpnkrcp.dll
C:\windows\system32\gverprqe.ini
C:\windows\system32\hcpdxiux.dll
C:\windows\system32\hrplfrcq.dll
C:\windows\system32\huhwxrno.ini
C:\windows\system32\ibqneeim.dll
C:\windows\system32\idweivmu.ini
C:\windows\system32\imfuhdrr.dll
C:\windows\system32\invftafy.ini
C:\windows\system32\iogdkokw.ini
C:\windows\system32\jdwmruka.dll
C:\WINDOWS\system32\jkkjj.dll
C:\windows\system32\khacxexk.ini
C:\windows\system32\kmkjwrpr.ini
C:\windows\system32\knxdejiy.ini
C:\windows\system32\kwgkoqqx.dll
C:\windows\system32\kxexcahk.dll
C:\windows\system32\kytlmkrw.ini
C:\windows\system32\ltdkwdwg.dll
C:\windows\system32\mdfuxwew.ini
C:\windows\system32\mieenqbi.ini
C:\windows\system32\nbuciwav.ini
C:\windows\system32\njylvdky.ini
C:\windows\system32\obgnjiiy.ini
C:\windows\system32\onrxwhuh.dll
C:\windows\system32\opnoljg.dll
C:\windows\system32\owlkrxwb.dll
C:\windows\system32\pcrknpxf.ini
C:\windows\system32\pmhrynts.ini
C:\windows\system32\pusukqvd.dll
C:\windows\system32\qcrflprh.ini
C:\windows\system32\qwdbjdnw.ini
C:\windows\system32\rprwjkmk.dll
C:\windows\system32\rrdhufmi.ini
C:\windows\system32\sawovpau.dll
C:\windows\system32\smfhtdeu.dll
C:\windows\system32\ssqqqrp.dll
C:\windows\system32\stnyrhmp.dll
C:\windows\system32\suxgrctw.dll
C:\windows\system32\svbqdpcf.ini
C:\windows\system32\swsrkhex.dll
C:\WINDOWS\system32\syxelbdy.dll
C:\windows\system32\tnoxlvcb.ini
C:\windows\system32\togpupnx.ini
C:\windows\system32\uapvowas.ini
C:\windows\system32\uedthfms.ini
C:\windows\system32\ujlfwwpc.dll
C:\windows\system32\umikyyhe.ini
C:\windows\system32\umtfqrre.ini
C:\windows\system32\umviewdi.dll
C:\windows\system32\vawicubn.dll
C:\windows\system32\vlufnxkc.ini
C:\windows\system32\wduegrab.ini
C:\windows\system32\wewxufdm.dll
C:\windows\system32\wkokdgoi.dll
C:\windows\system32\wndjbdwq.dll
C:\windows\system32\wrkmltyk.dll
C:\windows\system32\wtblsyqc.ini
C:\windows\system32\wtcrgxus.ini
C:\windows\system32\wtwhnbjd.dll
C:\windows\system32\wuqglste.dll
C:\WINDOWS\system32\wvuvutu.dll
C:\windows\system32\xccnixja.ini
C:\WINDOWS\system32\xdehowjh.dll
C:\windows\system32\xehkrsws.ini
C:\windows\system32\xnpupgot.dll
C:\windows\system32\xqqokgwk.ini
C:\windows\system32\xuixdpch.ini
C:\windows\system32\xyhxpsud.dll
C:\windows\system32\yfatfvni.dll
C:\windows\system32\yiijngbo.dll
C:\windows\system32\yijedxnk.dll
C:\windows\system32\ykdvlyjn.dll
C:\WINDOWS\system32\ylnnuxxe.dll
C:\windows\system32\yoolnetf.dll
C:\windows\system32\yponpsld.ini
C:\windows\system32\yqhhfqsf.ini

Beginning removal...

Attempting to delete C:\windows\system32\ajxinccx.dll
C:\windows\system32\ajxinccx.dll Has been deleted!

Attempting to delete C:\windows\system32\akurmwdj.ini
C:\windows\system32\akurmwdj.ini Has been deleted!

Attempting to delete C:\windows\system32\bargeudw.dll
C:\windows\system32\bargeudw.dll Has been deleted!

Attempting to delete C:\windows\system32\bcvlxont.dll
C:\windows\system32\bcvlxont.dll Has been deleted!

Attempting to delete C:\windows\system32\bwxrklwo.ini
C:\windows\system32\bwxrklwo.ini Has been deleted!

Attempting to delete C:\windows\system32\ckxnfulv.dll
C:\windows\system32\ckxnfulv.dll Has been deleted!

Attempting to delete C:\windows\system32\cpwwflju.ini
C:\windows\system32\cpwwflju.ini Has been deleted!

Attempting to delete C:\windows\system32\cqyslbtw.dll
C:\windows\system32\cqyslbtw.dll Has been deleted!

Attempting to delete C:\windows\system32\djbnhwtw.ini
C:\windows\system32\djbnhwtw.ini Has been deleted!

Attempting to delete C:\windows\system32\dlspnopy.dll
C:\windows\system32\dlspnopy.dll Has been deleted!

Attempting to delete C:\windows\system32\duspxhyx.ini
C:\windows\system32\duspxhyx.ini Has been deleted!

Attempting to delete C:\windows\system32\dvqkusup.ini
C:\windows\system32\dvqkusup.ini Has been deleted!

Attempting to delete C:\windows\system32\ehyykimu.dll
C:\windows\system32\ehyykimu.dll Has been deleted!

Attempting to delete C:\windows\system32\eqrprevg.dll
C:\windows\system32\eqrprevg.dll Has been deleted!

Attempting to delete C:\windows\system32\errqftmu.dll
C:\windows\system32\errqftmu.dll Has been deleted!

Attempting to delete C:\windows\system32\etslgquw.ini
C:\windows\system32\etslgquw.ini Has been deleted!

Attempting to delete C:\windows\system32\fcpdqbvs.dll
C:\windows\system32\fcpdqbvs.dll Has been deleted!

Attempting to delete C:\windows\system32\fsqfhhqy.dll
C:\windows\system32\fsqfhhqy.dll Has been deleted!

Attempting to delete C:\windows\system32\ftenlooy.ini
C:\windows\system32\ftenlooy.ini Has been deleted!

Attempting to delete C:\windows\system32\fxpnkrcp.dll
C:\windows\system32\fxpnkrcp.dll Has been deleted!

Attempting to delete C:\windows\system32\gverprqe.ini
C:\windows\system32\gverprqe.ini Has been deleted!

Attempting to delete C:\windows\system32\hcpdxiux.dll
C:\windows\system32\hcpdxiux.dll Has been deleted!

Attempting to delete C:\windows\system32\hrplfrcq.dll
C:\windows\system32\hrplfrcq.dll Has been deleted!

Attempting to delete C:\windows\system32\huhwxrno.ini
C:\windows\system32\huhwxrno.ini Has been deleted!

Attempting to delete C:\windows\system32\ibqneeim.dll
C:\windows\system32\ibqneeim.dll Has been deleted!

Attempting to delete C:\windows\system32\idweivmu.ini
C:\windows\system32\idweivmu.ini Has been deleted!

Attempting to delete C:\windows\system32\imfuhdrr.dll
C:\windows\system32\imfuhdrr.dll Has been deleted!

Attempting to delete C:\windows\system32\invftafy.ini
C:\windows\system32\invftafy.ini Has been deleted!

Attempting to delete C:\windows\system32\iogdkokw.ini
C:\windows\system32\iogdkokw.ini Has been deleted!

Attempting to delete C:\windows\system32\jdwmruka.dll
C:\windows\system32\jdwmruka.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkjj.dll Could not be deleted.

Attempting to delete C:\windows\system32\khacxexk.ini
C:\windows\system32\khacxexk.ini Has been deleted!

Attempting to delete C:\windows\system32\kmkjwrpr.ini
C:\windows\system32\kmkjwrpr.ini Has been deleted!

Attempting to delete C:\windows\system32\knxdejiy.ini
C:\windows\system32\knxdejiy.ini Has been deleted!

Attempting to delete C:\windows\system32\kwgkoqqx.dll
C:\windows\system32\kwgkoqqx.dll Has been deleted!

Attempting to delete C:\windows\system32\kxexcahk.dll
C:\windows\system32\kxexcahk.dll Has been deleted!

Attempting to delete C:\windows\system32\kytlmkrw.ini
C:\windows\system32\kytlmkrw.ini Has been deleted!

Attempting to delete C:\windows\system32\ltdkwdwg.dll
C:\windows\system32\ltdkwdwg.dll Has been deleted!

Attempting to delete C:\windows\system32\mdfuxwew.ini
C:\windows\system32\mdfuxwew.ini Has been deleted!

Attempting to delete C:\windows\system32\mieenqbi.ini
C:\windows\system32\mieenqbi.ini Has been deleted!

Attempting to delete C:\windows\system32\nbuciwav.ini
C:\windows\system32\nbuciwav.ini Has been deleted!

Attempting to delete C:\windows\system32\njylvdky.ini
C:\windows\system32\njylvdky.ini Has been deleted!

Attempting to delete C:\windows\system32\obgnjiiy.ini
C:\windows\system32\obgnjiiy.ini Has been deleted!

Attempting to delete C:\windows\system32\onrxwhuh.dll
C:\windows\system32\onrxwhuh.dll Has been deleted!

Attempting to delete C:\windows\system32\opnoljg.dll
C:\windows\system32\opnoljg.dll Has been deleted!

Attempting to delete C:\windows\system32\owlkrxwb.dll
C:\windows\system32\owlkrxwb.dll Has been deleted!

Attempting to delete C:\windows\system32\pcrknpxf.ini
C:\windows\system32\pcrknpxf.ini Has been deleted!

Attempting to delete C:\windows\system32\pmhrynts.ini
C:\windows\system32\pmhrynts.ini Has been deleted!

Attempting to delete C:\windows\system32\pusukqvd.dll
C:\windows\system32\pusukqvd.dll Has been deleted!

Attempting to delete C:\windows\system32\qcrflprh.ini
C:\windows\system32\qcrflprh.ini Has been deleted!

Attempting to delete C:\windows\system32\qwdbjdnw.ini
C:\windows\system32\qwdbjdnw.ini Has been deleted!

Attempting to delete C:\windows\system32\rprwjkmk.dll
C:\windows\system32\rprwjkmk.dll Has been deleted!

Attempting to delete C:\windows\system32\rrdhufmi.ini
C:\windows\system32\rrdhufmi.ini Has been deleted!

Attempting to delete C:\windows\system32\sawovpau.dll
C:\windows\system32\sawovpau.dll Has been deleted!

Attempting to delete C:\windows\system32\smfhtdeu.dll
C:\windows\system32\smfhtdeu.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqqqrp.dll
C:\windows\system32\ssqqqrp.dll Has been deleted!

Attempting to delete C:\windows\system32\stnyrhmp.dll
C:\windows\system32\stnyrhmp.dll Has been deleted!

Attempting to delete C:\windows\system32\suxgrctw.dll
C:\windows\system32\suxgrctw.dll Has been deleted!

Attempting to delete C:\windows\system32\svbqdpcf.ini
C:\windows\system32\svbqdpcf.ini Has been deleted!

Attempting to delete C:\windows\system32\swsrkhex.dll
C:\windows\system32\swsrkhex.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\syxelbdy.dll
C:\WINDOWS\system32\syxelbdy.dll Could not be deleted.

Attempting to delete C:\windows\system32\tnoxlvcb.ini
C:\windows\system32\tnoxlvcb.ini Has been deleted!

Attempting to delete C:\windows\system32\togpupnx.ini
C:\windows\system32\togpupnx.ini Has been deleted!

Attempting to delete C:\windows\system32\uapvowas.ini
C:\windows\system32\uapvowas.ini Has been deleted!

Attempting to delete C:\windows\system32\uedthfms.ini
C:\windows\system32\uedthfms.ini Has been deleted!

Attempting to delete C:\windows\system32\ujlfwwpc.dll
C:\windows\system32\ujlfwwpc.dll Has been deleted!

Attempting to delete C:\windows\system32\umikyyhe.ini
C:\windows\system32\umikyyhe.ini Has been deleted!

Attempting to delete C:\windows\system32\umtfqrre.ini
C:\windows\system32\umtfqrre.ini Has been deleted!

Attempting to delete C:\windows\system32\umviewdi.dll
C:\windows\system32\umviewdi.dll Has been deleted!

Attempting to delete C:\windows\system32\vawicubn.dll
C:\windows\system32\vawicubn.dll Has been deleted!

Attempting to delete C:\windows\system32\vlufnxkc.ini
C:\windows\system32\vlufnxkc.ini Has been deleted!

Attempting to delete C:\windows\system32\wduegrab.ini
C:\windows\system32\wduegrab.ini Has been deleted!

Attempting to delete C:\windows\system32\wewxufdm.dll
C:\windows\system32\wewxufdm.dll Has been deleted!

Attempting to delete C:\windows\system32\wkokdgoi.dll
C:\windows\system32\wkokdgoi.dll Has been deleted!

Attempting to delete C:\windows\system32\wndjbdwq.dll
C:\windows\system32\wndjbdwq.dll Has been deleted!

Attempting to delete C:\windows\system32\wrkmltyk.dll
C:\windows\system32\wrkmltyk.dll Has been deleted!

Attempting to delete C:\windows\system32\wtblsyqc.ini
C:\windows\system32\wtblsyqc.ini Has been deleted!

Attempting to delete C:\windows\system32\wtcrgxus.ini
C:\windows\system32\wtcrgxus.ini Has been deleted!

Attempting to delete C:\windows\system32\wtwhnbjd.dll
C:\windows\system32\wtwhnbjd.dll Has been deleted!

Attempting to delete C:\windows\system32\wuqglste.dll
C:\windows\system32\wuqglste.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvutu.dll
C:\WINDOWS\system32\wvuvutu.dll Could not be deleted.

Attempting to delete C:\windows\system32\xccnixja.ini
C:\windows\system32\xccnixja.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xdehowjh.dll
C:\WINDOWS\system32\xdehowjh.dll Has been deleted!

Attempting to delete C:\windows\system32\xehkrsws.ini
C:\windows\system32\xehkrsws.ini Has been deleted!

Attempting to delete C:\windows\system32\xnpupgot.dll
C:\windows\system32\xnpupgot.dll Has been deleted!

Attempting to delete C:\windows\system32\xqqokgwk.ini
C:\windows\system32\xqqokgwk.ini Has been deleted!

Attempting to delete C:\windows\system32\xuixdpch.ini
C:\windows\system32\xuixdpch.ini Has been deleted!

Attempting to delete C:\windows\system32\xyhxpsud.dll
C:\windows\system32\xyhxpsud.dll Has been deleted!

Attempting to delete C:\windows\system32\yfatfvni.dll
C:\windows\system32\yfatfvni.dll Has been deleted!

Attempting to delete C:\windows\system32\yiijngbo.dll
C:\windows\system32\yiijngbo.dll Has been deleted!

Attempting to delete C:\windows\system32\yijedxnk.dll
C:\windows\system32\yijedxnk.dll Has been deleted!

Attempting to delete C:\windows\system32\ykdvlyjn.dll
C:\windows\system32\ykdvlyjn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ylnnuxxe.dll
C:\WINDOWS\system32\ylnnuxxe.dll Could not be deleted.

Attempting to delete C:\windows\system32\yoolnetf.dll
C:\windows\system32\yoolnetf.dll Has been deleted!

Attempting to delete C:\windows\system32\yponpsld.ini
C:\windows\system32\yponpsld.ini Has been deleted!

Attempting to delete C:\windows\system32\yqhhfqsf.ini
C:\windows\system32\yqhhfqsf.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 9:55:11 AM 9/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\hrhaxymf.dll
C:\WINDOWS\system32\jjkkj.bak1
C:\WINDOWS\system32\jjkkj.bak2
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini2
C:\WINDOWS\system32\jjkkj.tmp
C:\WINDOWS\system32\jkkjj.dll
C:\windows\system32\syxelbdy.dll
C:\WINDOWS\system32\wvuvutu.dll



____________________________________________________________


And here is my new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:10 AM, on 9/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\Owner\My Documents\HiJackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\wvuvutu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7db56767-f849-41f8-a268-dbfdf4e269d7} - (no file)
O2 - BHO: 0 - {8094E49A-5C15-4886-8097-38586F7B25C7} - (no file)
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: (no name) - {9999E42A-EC8D-4847-8B2A-E6C4F1929EE9} - C:\WINDOWS\system32\DiskI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\nbtivujt.dll
O2 - BHO: (no name) - {E9B2018B-9061-49F0-8ED4-A4FD04101C6E} - C:\WINDOWS\system32\jkkjj.dll
O2 - BHO: (no name) - {FCCD224D-65E5-483C-BB72-DDDDC53DD90A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\fptxdalp.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146064302421
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\system32\jkkjj.dll
O20 - Winlogon Notify: wvuvutu - C:\WINDOWS\SYSTEM32\wvuvutu.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\auevxusg.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\rteprek.html

--
End of file - 10505 bytes

Edited by volcomsocom, 28 September 2007 - 11:18 AM.


#4 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 28 September 2007 - 11:19 AM

Are you sure that's the whole of the Vundofix log?

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#5 volcomsocom

volcomsocom
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 28 September 2007 - 11:30 AM

Well, I copied the whole thing, so I assume so. Is there something missing? :thumbsup:

#6 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 28 September 2007 - 01:22 PM

Don't worry, we'll run it one more time to get rid of the files that it could not remove.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click "Scan for Vundo" button.
Once the scan is complete, right click inside the listbox (white box) and click "Add More Files"
Copy and paste the entries below into the top boxes :

C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\SYSTEM32\wvuvutu.dll


Click "Add Files" and click "Close Window".
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your Desktop will go blank as it starts removing Vundo - this is normal.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Please include VundoFix.txt and a new HijackThis log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#7 volcomsocom

volcomsocom
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 28 September 2007 - 05:07 PM

Ok, after following your instructions, here are my new logs:


VundoFix:

VundoFix V6.5.9

Checking Java version...

Scan started at 9:47:48 AM 9/28/2007

Listing files found while scanning....

C:\windows\system32\ajxinccx.dll
C:\windows\system32\akurmwdj.ini
C:\windows\system32\bargeudw.dll
C:\windows\system32\bcvlxont.dll
C:\windows\system32\bwxrklwo.ini
C:\windows\system32\ckxnfulv.dll
C:\windows\system32\cpwwflju.ini
C:\windows\system32\cqyslbtw.dll
C:\windows\system32\djbnhwtw.ini
C:\windows\system32\dlspnopy.dll
C:\windows\system32\duspxhyx.ini
C:\windows\system32\dvqkusup.ini
C:\windows\system32\ehyykimu.dll
C:\windows\system32\eqrprevg.dll
C:\windows\system32\errqftmu.dll
C:\windows\system32\etslgquw.ini
C:\windows\system32\fcpdqbvs.dll
C:\windows\system32\fsqfhhqy.dll
C:\windows\system32\ftenlooy.ini
C:\windows\system32\fxpnkrcp.dll
C:\windows\system32\gverprqe.ini
C:\windows\system32\hcpdxiux.dll
C:\windows\system32\hrplfrcq.dll
C:\windows\system32\huhwxrno.ini
C:\windows\system32\ibqneeim.dll
C:\windows\system32\idweivmu.ini
C:\windows\system32\imfuhdrr.dll
C:\windows\system32\invftafy.ini
C:\windows\system32\iogdkokw.ini
C:\windows\system32\jdwmruka.dll
C:\WINDOWS\system32\jkkjj.dll
C:\windows\system32\khacxexk.ini
C:\windows\system32\kmkjwrpr.ini
C:\windows\system32\knxdejiy.ini
C:\windows\system32\kwgkoqqx.dll
C:\windows\system32\kxexcahk.dll
C:\windows\system32\kytlmkrw.ini
C:\windows\system32\ltdkwdwg.dll
C:\windows\system32\mdfuxwew.ini
C:\windows\system32\mieenqbi.ini
C:\windows\system32\nbuciwav.ini
C:\windows\system32\njylvdky.ini
C:\windows\system32\obgnjiiy.ini
C:\windows\system32\onrxwhuh.dll
C:\windows\system32\opnoljg.dll
C:\windows\system32\owlkrxwb.dll
C:\windows\system32\pcrknpxf.ini
C:\windows\system32\pmhrynts.ini
C:\windows\system32\pusukqvd.dll
C:\windows\system32\qcrflprh.ini
C:\windows\system32\qwdbjdnw.ini
C:\windows\system32\rprwjkmk.dll
C:\windows\system32\rrdhufmi.ini
C:\windows\system32\sawovpau.dll
C:\windows\system32\smfhtdeu.dll
C:\windows\system32\ssqqqrp.dll
C:\windows\system32\stnyrhmp.dll
C:\windows\system32\suxgrctw.dll
C:\windows\system32\svbqdpcf.ini
C:\windows\system32\swsrkhex.dll
C:\WINDOWS\system32\syxelbdy.dll
C:\windows\system32\tnoxlvcb.ini
C:\windows\system32\togpupnx.ini
C:\windows\system32\uapvowas.ini
C:\windows\system32\uedthfms.ini
C:\windows\system32\ujlfwwpc.dll
C:\windows\system32\umikyyhe.ini
C:\windows\system32\umtfqrre.ini
C:\windows\system32\umviewdi.dll
C:\windows\system32\vawicubn.dll
C:\windows\system32\vlufnxkc.ini
C:\windows\system32\wduegrab.ini
C:\windows\system32\wewxufdm.dll
C:\windows\system32\wkokdgoi.dll
C:\windows\system32\wndjbdwq.dll
C:\windows\system32\wrkmltyk.dll
C:\windows\system32\wtblsyqc.ini
C:\windows\system32\wtcrgxus.ini
C:\windows\system32\wtwhnbjd.dll
C:\windows\system32\wuqglste.dll
C:\WINDOWS\system32\wvuvutu.dll
C:\windows\system32\xccnixja.ini
C:\WINDOWS\system32\xdehowjh.dll
C:\windows\system32\xehkrsws.ini
C:\windows\system32\xnpupgot.dll
C:\windows\system32\xqqokgwk.ini
C:\windows\system32\xuixdpch.ini
C:\windows\system32\xyhxpsud.dll
C:\windows\system32\yfatfvni.dll
C:\windows\system32\yiijngbo.dll
C:\windows\system32\yijedxnk.dll
C:\windows\system32\ykdvlyjn.dll
C:\WINDOWS\system32\ylnnuxxe.dll
C:\windows\system32\yoolnetf.dll
C:\windows\system32\yponpsld.ini
C:\windows\system32\yqhhfqsf.ini

Beginning removal...

Attempting to delete C:\windows\system32\ajxinccx.dll
C:\windows\system32\ajxinccx.dll Has been deleted!

Attempting to delete C:\windows\system32\akurmwdj.ini
C:\windows\system32\akurmwdj.ini Has been deleted!

Attempting to delete C:\windows\system32\bargeudw.dll
C:\windows\system32\bargeudw.dll Has been deleted!

Attempting to delete C:\windows\system32\bcvlxont.dll
C:\windows\system32\bcvlxont.dll Has been deleted!

Attempting to delete C:\windows\system32\bwxrklwo.ini
C:\windows\system32\bwxrklwo.ini Has been deleted!

Attempting to delete C:\windows\system32\ckxnfulv.dll
C:\windows\system32\ckxnfulv.dll Has been deleted!

Attempting to delete C:\windows\system32\cpwwflju.ini
C:\windows\system32\cpwwflju.ini Has been deleted!

Attempting to delete C:\windows\system32\cqyslbtw.dll
C:\windows\system32\cqyslbtw.dll Has been deleted!

Attempting to delete C:\windows\system32\djbnhwtw.ini
C:\windows\system32\djbnhwtw.ini Has been deleted!

Attempting to delete C:\windows\system32\dlspnopy.dll
C:\windows\system32\dlspnopy.dll Has been deleted!

Attempting to delete C:\windows\system32\duspxhyx.ini
C:\windows\system32\duspxhyx.ini Has been deleted!

Attempting to delete C:\windows\system32\dvqkusup.ini
C:\windows\system32\dvqkusup.ini Has been deleted!

Attempting to delete C:\windows\system32\ehyykimu.dll
C:\windows\system32\ehyykimu.dll Has been deleted!

Attempting to delete C:\windows\system32\eqrprevg.dll
C:\windows\system32\eqrprevg.dll Has been deleted!

Attempting to delete C:\windows\system32\errqftmu.dll
C:\windows\system32\errqftmu.dll Has been deleted!

Attempting to delete C:\windows\system32\etslgquw.ini
C:\windows\system32\etslgquw.ini Has been deleted!

Attempting to delete C:\windows\system32\fcpdqbvs.dll
C:\windows\system32\fcpdqbvs.dll Has been deleted!

Attempting to delete C:\windows\system32\fsqfhhqy.dll
C:\windows\system32\fsqfhhqy.dll Has been deleted!

Attempting to delete C:\windows\system32\ftenlooy.ini
C:\windows\system32\ftenlooy.ini Has been deleted!

Attempting to delete C:\windows\system32\fxpnkrcp.dll
C:\windows\system32\fxpnkrcp.dll Has been deleted!

Attempting to delete C:\windows\system32\gverprqe.ini
C:\windows\system32\gverprqe.ini Has been deleted!

Attempting to delete C:\windows\system32\hcpdxiux.dll
C:\windows\system32\hcpdxiux.dll Has been deleted!

Attempting to delete C:\windows\system32\hrplfrcq.dll
C:\windows\system32\hrplfrcq.dll Has been deleted!

Attempting to delete C:\windows\system32\huhwxrno.ini
C:\windows\system32\huhwxrno.ini Has been deleted!

Attempting to delete C:\windows\system32\ibqneeim.dll
C:\windows\system32\ibqneeim.dll Has been deleted!

Attempting to delete C:\windows\system32\idweivmu.ini
C:\windows\system32\idweivmu.ini Has been deleted!

Attempting to delete C:\windows\system32\imfuhdrr.dll
C:\windows\system32\imfuhdrr.dll Has been deleted!

Attempting to delete C:\windows\system32\invftafy.ini
C:\windows\system32\invftafy.ini Has been deleted!

Attempting to delete C:\windows\system32\iogdkokw.ini
C:\windows\system32\iogdkokw.ini Has been deleted!

Attempting to delete C:\windows\system32\jdwmruka.dll
C:\windows\system32\jdwmruka.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkjj.dll Could not be deleted.

Attempting to delete C:\windows\system32\khacxexk.ini
C:\windows\system32\khacxexk.ini Has been deleted!

Attempting to delete C:\windows\system32\kmkjwrpr.ini
C:\windows\system32\kmkjwrpr.ini Has been deleted!

Attempting to delete C:\windows\system32\knxdejiy.ini
C:\windows\system32\knxdejiy.ini Has been deleted!

Attempting to delete C:\windows\system32\kwgkoqqx.dll
C:\windows\system32\kwgkoqqx.dll Has been deleted!

Attempting to delete C:\windows\system32\kxexcahk.dll
C:\windows\system32\kxexcahk.dll Has been deleted!

Attempting to delete C:\windows\system32\kytlmkrw.ini
C:\windows\system32\kytlmkrw.ini Has been deleted!

Attempting to delete C:\windows\system32\ltdkwdwg.dll
C:\windows\system32\ltdkwdwg.dll Has been deleted!

Attempting to delete C:\windows\system32\mdfuxwew.ini
C:\windows\system32\mdfuxwew.ini Has been deleted!

Attempting to delete C:\windows\system32\mieenqbi.ini
C:\windows\system32\mieenqbi.ini Has been deleted!

Attempting to delete C:\windows\system32\nbuciwav.ini
C:\windows\system32\nbuciwav.ini Has been deleted!

Attempting to delete C:\windows\system32\njylvdky.ini
C:\windows\system32\njylvdky.ini Has been deleted!

Attempting to delete C:\windows\system32\obgnjiiy.ini
C:\windows\system32\obgnjiiy.ini Has been deleted!

Attempting to delete C:\windows\system32\onrxwhuh.dll
C:\windows\system32\onrxwhuh.dll Has been deleted!

Attempting to delete C:\windows\system32\opnoljg.dll
C:\windows\system32\opnoljg.dll Has been deleted!

Attempting to delete C:\windows\system32\owlkrxwb.dll
C:\windows\system32\owlkrxwb.dll Has been deleted!

Attempting to delete C:\windows\system32\pcrknpxf.ini
C:\windows\system32\pcrknpxf.ini Has been deleted!

Attempting to delete C:\windows\system32\pmhrynts.ini
C:\windows\system32\pmhrynts.ini Has been deleted!

Attempting to delete C:\windows\system32\pusukqvd.dll
C:\windows\system32\pusukqvd.dll Has been deleted!

Attempting to delete C:\windows\system32\qcrflprh.ini
C:\windows\system32\qcrflprh.ini Has been deleted!

Attempting to delete C:\windows\system32\qwdbjdnw.ini
C:\windows\system32\qwdbjdnw.ini Has been deleted!

Attempting to delete C:\windows\system32\rprwjkmk.dll
C:\windows\system32\rprwjkmk.dll Has been deleted!

Attempting to delete C:\windows\system32\rrdhufmi.ini
C:\windows\system32\rrdhufmi.ini Has been deleted!

Attempting to delete C:\windows\system32\sawovpau.dll
C:\windows\system32\sawovpau.dll Has been deleted!

Attempting to delete C:\windows\system32\smfhtdeu.dll
C:\windows\system32\smfhtdeu.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqqqrp.dll
C:\windows\system32\ssqqqrp.dll Has been deleted!

Attempting to delete C:\windows\system32\stnyrhmp.dll
C:\windows\system32\stnyrhmp.dll Has been deleted!

Attempting to delete C:\windows\system32\suxgrctw.dll
C:\windows\system32\suxgrctw.dll Has been deleted!

Attempting to delete C:\windows\system32\svbqdpcf.ini
C:\windows\system32\svbqdpcf.ini Has been deleted!

Attempting to delete C:\windows\system32\swsrkhex.dll
C:\windows\system32\swsrkhex.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\syxelbdy.dll
C:\WINDOWS\system32\syxelbdy.dll Could not be deleted.

Attempting to delete C:\windows\system32\tnoxlvcb.ini
C:\windows\system32\tnoxlvcb.ini Has been deleted!

Attempting to delete C:\windows\system32\togpupnx.ini
C:\windows\system32\togpupnx.ini Has been deleted!

Attempting to delete C:\windows\system32\uapvowas.ini
C:\windows\system32\uapvowas.ini Has been deleted!

Attempting to delete C:\windows\system32\uedthfms.ini
C:\windows\system32\uedthfms.ini Has been deleted!

Attempting to delete C:\windows\system32\ujlfwwpc.dll
C:\windows\system32\ujlfwwpc.dll Has been deleted!

Attempting to delete C:\windows\system32\umikyyhe.ini
C:\windows\system32\umikyyhe.ini Has been deleted!

Attempting to delete C:\windows\system32\umtfqrre.ini
C:\windows\system32\umtfqrre.ini Has been deleted!

Attempting to delete C:\windows\system32\umviewdi.dll
C:\windows\system32\umviewdi.dll Has been deleted!

Attempting to delete C:\windows\system32\vawicubn.dll
C:\windows\system32\vawicubn.dll Has been deleted!

Attempting to delete C:\windows\system32\vlufnxkc.ini
C:\windows\system32\vlufnxkc.ini Has been deleted!

Attempting to delete C:\windows\system32\wduegrab.ini
C:\windows\system32\wduegrab.ini Has been deleted!

Attempting to delete C:\windows\system32\wewxufdm.dll
C:\windows\system32\wewxufdm.dll Has been deleted!

Attempting to delete C:\windows\system32\wkokdgoi.dll
C:\windows\system32\wkokdgoi.dll Has been deleted!

Attempting to delete C:\windows\system32\wndjbdwq.dll
C:\windows\system32\wndjbdwq.dll Has been deleted!

Attempting to delete C:\windows\system32\wrkmltyk.dll
C:\windows\system32\wrkmltyk.dll Has been deleted!

Attempting to delete C:\windows\system32\wtblsyqc.ini
C:\windows\system32\wtblsyqc.ini Has been deleted!

Attempting to delete C:\windows\system32\wtcrgxus.ini
C:\windows\system32\wtcrgxus.ini Has been deleted!

Attempting to delete C:\windows\system32\wtwhnbjd.dll
C:\windows\system32\wtwhnbjd.dll Has been deleted!

Attempting to delete C:\windows\system32\wuqglste.dll
C:\windows\system32\wuqglste.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvutu.dll
C:\WINDOWS\system32\wvuvutu.dll Could not be deleted.

Attempting to delete C:\windows\system32\xccnixja.ini
C:\windows\system32\xccnixja.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xdehowjh.dll
C:\WINDOWS\system32\xdehowjh.dll Has been deleted!

Attempting to delete C:\windows\system32\xehkrsws.ini
C:\windows\system32\xehkrsws.ini Has been deleted!

Attempting to delete C:\windows\system32\xnpupgot.dll
C:\windows\system32\xnpupgot.dll Has been deleted!

Attempting to delete C:\windows\system32\xqqokgwk.ini
C:\windows\system32\xqqokgwk.ini Has been deleted!

Attempting to delete C:\windows\system32\xuixdpch.ini
C:\windows\system32\xuixdpch.ini Has been deleted!

Attempting to delete C:\windows\system32\xyhxpsud.dll
C:\windows\system32\xyhxpsud.dll Has been deleted!

Attempting to delete C:\windows\system32\yfatfvni.dll
C:\windows\system32\yfatfvni.dll Has been deleted!

Attempting to delete C:\windows\system32\yiijngbo.dll
C:\windows\system32\yiijngbo.dll Has been deleted!

Attempting to delete C:\windows\system32\yijedxnk.dll
C:\windows\system32\yijedxnk.dll Has been deleted!

Attempting to delete C:\windows\system32\ykdvlyjn.dll
C:\windows\system32\ykdvlyjn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ylnnuxxe.dll
C:\WINDOWS\system32\ylnnuxxe.dll Could not be deleted.

Attempting to delete C:\windows\system32\yoolnetf.dll
C:\windows\system32\yoolnetf.dll Has been deleted!

Attempting to delete C:\windows\system32\yponpsld.ini
C:\windows\system32\yponpsld.ini Has been deleted!

Attempting to delete C:\windows\system32\yqhhfqsf.ini
C:\windows\system32\yqhhfqsf.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 9:55:11 AM 9/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\hrhaxymf.dll
C:\WINDOWS\system32\jjkkj.bak1
C:\WINDOWS\system32\jjkkj.bak2
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini2
C:\WINDOWS\system32\jjkkj.tmp
C:\WINDOWS\system32\jkkjj.dll
C:\windows\system32\syxelbdy.dll
C:\WINDOWS\system32\wvuvutu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hrhaxymf.dll
C:\WINDOWS\system32\hrhaxymf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkkj.bak1
C:\WINDOWS\system32\jjkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkkj.bak2
C:\WINDOWS\system32\jjkkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkkj.ini2
C:\WINDOWS\system32\jjkkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkkj.tmp
C:\WINDOWS\system32\jjkkj.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkjj.dll Could not be deleted.

Attempting to delete C:\windows\system32\syxelbdy.dll
C:\windows\system32\syxelbdy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvutu.dll
C:\WINDOWS\system32\wvuvutu.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 4:48:45 PM 9/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\fptxdalp.dll
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini2
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\nbtivujt.dll
C:\WINDOWS\system32\pladxtpf.ini
C:\WINDOWS\system32\wvuvutu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fptxdalp.dll
C:\WINDOWS\system32\fptxdalp.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkkj.ini2
C:\WINDOWS\system32\jjkkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkjj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkjj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkjj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\nbtivujt.dll
C:\WINDOWS\system32\nbtivujt.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\pladxtpf.ini
C:\WINDOWS\system32\pladxtpf.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wvuvutu.dll
C:\WINDOWS\SYSTEM32\wvuvutu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\wvuvutu.dll
C:\WINDOWS\SYSTEM32\wvuvutu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\wvuvutu.dll
C:\WINDOWS\system32\wvuvutu.dll Could not be deleted.

Performing Repairs to the registry.
Done!


________________________________________________________________




HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:26 PM, on 9/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Quicken\bagent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\HiJackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {011FE574-C295-423B-A554-4990D0204235} - C:\WINDOWS\system32\jkkjj.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\wvuvutu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7db56767-f849-41f8-a268-dbfdf4e269d7} - (no file)
O2 - BHO: 0 - {8094E49A-5C15-4886-8097-38586F7B25C7} - (no file)
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: (no name) - {9999E42A-EC8D-4847-8B2A-E6C4F1929EE9} - C:\WINDOWS\system32\DiskI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FCCD224D-65E5-483C-BB72-DDDDC53DD90A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146064302421
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\system32\jkkjj.dll
O20 - Winlogon Notify: wvuvutu - C:\WINDOWS\SYSTEM32\wvuvutu.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\auevxusg.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\rteprek.html

--
End of file - 10380 bytes




Ok, so there it is. When I was finished with Vundo (before it restarted my computer) the two files you mentioned above couldn't be removed. V

#8 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 29 September 2007 - 03:39 PM

It looks like you posted the same Vundofix log as last time ...

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#9 volcomsocom

volcomsocom
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 29 September 2007 - 04:07 PM

I ran VundoFix, and when the computer started back up, I copied the contents of VundoFix.txt, and posted it here.

#10 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 29 September 2007 - 04:27 PM

Hi there, don't worry about Vundofix.
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

O2 - BHO: (no name) - {011FE574-C295-423B-A554-4990D0204235} - C:\WINDOWS\system32\jkkjj.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\wvuvutu.dll
O2 - BHO: (no name) - {7db56767-f849-41f8-a268-dbfdf4e269d7} - (no file)
O2 - BHO: 0 - {8094E49A-5C15-4886-8097-38586F7B25C7} - (no file)
O2 - BHO: (no name) - {FCCD224D-65E5-483C-BB72-DDDDC53DD90A} - (no file)
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\system32\jkkjj.dll
O20 - Winlogon Notify: wvuvutu - C:\WINDOWS\SYSTEM32\wvuvutu.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\auevxusg.exe (file missing)


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Next, please find and delete the following files (if present):

C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\wvuvutu.dll
C:\WINDOWS\system32\auevxusg.exe

Copy and paste the following text into Notepad:
sc stop DomainService
sc delete DomainService
Save this as "services.bat". Choose to save as *all files and place it on your Desktop.
Double-click services.bat.

Reboot into Normal Mode again.

Download Combofix to your Desktop. It is really important that combofix.exe is on your Desktop, not somewhere else!
Then go to Start | Run and copy and paste this command in the field:
"C:\Documents and Settings\Administrator\Desktop\combofix.exe" /v jkkjj wvuvutu.dll
Hit enter. This should start Combofix.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot, it should open a log (combofix.txt), please include this in your next reply.

I'd like to see the Combofix log and a brand new HijackThis log in your next post.
Thanks,
Charles

EDIT: Typos

Edited by rookie147, 29 September 2007 - 04:28 PM.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#11 volcomsocom

volcomsocom
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 01 October 2007 - 07:07 PM

Ok, I did what you said. Here are my new logs:





ComboFix

ComboFix 07-10-02.2 - Owner 2007-10-01 18:39:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.121 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\Owner\err.log
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\MSN Gaming Zone\rteprek.html
C:\Program Files\Online Services\metoconow4444.dll
C:\Program Files\svhost
C:\Program Files\web buying
C:\Program Files\web buying\v1.8.1\wbuninst.exe
C:\Program Files\web buying\v1.8.1\webbuying.exe
C:\Program Files\winantispyware 2006 free
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system.ini\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system.ini\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system32_drivers_etc_hosts\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system32_drivers_etc_hosts\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_win.ini\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_win.ini\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services\#data
C:\Program Files\WinAntiSpyware 2006 Free\sr.log
C:\temp\0c2
C:\temp\0c2\tmpFF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\adnhfxnc.exe
C:\WINDOWS\system32\akfktgxm.exe
C:\WINDOWS\system32\almbhwpg.exe
C:\WINDOWS\system32\alvfwbfq.exe
C:\WINDOWS\system32\axxdnocs.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\bfbqmsog.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\bwmcxwvd.exe
C:\WINDOWS\system32\ckmwoljm.exe
C:\WINDOWS\system32\cllfeuyx.exe
C:\WINDOWS\system32\cmtdeben.exe
C:\WINDOWS\system32\configs
C:\WINDOWS\system32\cwykshyy.exe
C:\WINDOWS\system32\cxqepbbj.exe
C:\WINDOWS\system32\davpsatc.exe
C:\WINDOWS\system32\dlfinvsr.exe
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\drivers\lexwyopq.sys
C:\WINDOWS\system32\drivers\tkxjojmd.sys
C:\WINDOWS\system32\dxunrqpy.exe
C:\WINDOWS\system32\ecckwgjx.exe
C:\WINDOWS\system32\exqgmtkq.exe
C:\WINDOWS\system32\exxunnly.ini
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\fciqgxdh.exe
C:\WINDOWS\system32\flckiykw.exe
C:\WINDOWS\system32\fntxyuya.exe
C:\WINDOWS\system32\fptxdalp.dll
C:\WINDOWS\system32\frxpwwgt.exe
C:\WINDOWS\system32\fusvfvuj.exe
C:\WINDOWS\system32\G1
C:\WINDOWS\system32\G11
C:\WINDOWS\system32\G3
C:\WINDOWS\system32\G3\wr725.exe
C:\WINDOWS\system32\G5
C:\WINDOWS\system32\G7
C:\WINDOWS\system32\gmxxrggw.ini
C:\WINDOWS\system32\gxgfuvpr.exe
C:\WINDOWS\system32\hckymsmr.exe
C:\WINDOWS\system32\htxayvey.exe
C:\WINDOWS\system32\icjssbxl.exe
C:\WINDOWS\system32\idehrnkd.exe
C:\WINDOWS\system32\idnumddh.exe
C:\WINDOWS\system32\iljngcse.exe
C:\WINDOWS\system32\imrtkdex.ini
C:\WINDOWS\system32\ioggdjfj.dll
C:\WINDOWS\system32\jaximmyi.exe
C:\WINDOWS\system32\jfigaqgq.exe
C:\WINDOWS\system32\jfjdggoi.ini
C:\WINDOWS\system32\jgheyupj.exe
C:\WINDOWS\system32\jhsuypqj.exe
C:\WINDOWS\system32\jjkkj.bak1
C:\WINDOWS\system32\jjkkj.bak2
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\kncgkpnl.exe
C:\WINDOWS\system32\koubfsly.ini
C:\WINDOWS\system32\kqrikddv.exe
C:\WINDOWS\system32\kxtrjjmo.exe
C:\WINDOWS\system32\lnxatlkj.exe
C:\WINDOWS\system32\lqhsrsap.exe
C:\WINDOWS\system32\lvfjetsc.exe
C:\WINDOWS\system32\lvpsbdkn.exe
C:\WINDOWS\system32\mbkiqmww.dll
C:\WINDOWS\system32\mjuymerp.exe
C:\WINDOWS\system32\mlugrjlt.exe
C:\WINDOWS\system32\mrhwkrjx.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\mtygfxmo.ini
C:\WINDOWS\system32\nbtivujt.dll
C:\WINDOWS\system32\ndkomlew.exe
C:\WINDOWS\system32\ngeieeur.exe
C:\WINDOWS\system32\nklyowng.exe
C:\WINDOWS\system32\nsqaghng.exe
C:\WINDOWS\system32\nuokyadf.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\nyrruxxe.exe
C:\WINDOWS\system32\omxfgytm.dll
C:\WINDOWS\system32\otrcqsdn.exe
C:\WINDOWS\system32\plugin.dat
C:\WINDOWS\system32\prehomcr.dll
C:\WINDOWS\system32\pucbkles.exe
C:\WINDOWS\system32\qcjgsnbu.exe
C:\WINDOWS\system32\qgiwtaki.exe
C:\WINDOWS\system32\qyxhtkbx.exe
C:\WINDOWS\system32\rlmdenky.dat
C:\WINDOWS\system32\rlmdenky_nav.dat
C:\WINDOWS\system32\rlmdenky_navps.dat
C:\WINDOWS\system32\rwkcgvcs.exe
C:\WINDOWS\system32\sjpxkstw.exe
C:\WINDOWS\system32\smsajdtu.exe
C:\WINDOWS\system32\SysPr.prx
C:\WINDOWS\system32\tempchk
C:\WINDOWS\system32\tempchk\w86.exe
C:\WINDOWS\system32\tmieamea.exe
C:\WINDOWS\system32\tnappfeg.exe
C:\WINDOWS\system32\tulmltvt.exe
C:\WINDOWS\system32\udrmbbty.exe
C:\WINDOWS\system32\uncmrkek.exe
C:\WINDOWS\system32\updpdwvp.exe
C:\WINDOWS\system32\upirrdlq.exe
C:\WINDOWS\system32\upmfbnnp.exe
C:\WINDOWS\system32\uttcabla.exe
C:\WINDOWS\system32\V1
C:\WINDOWS\system32\vphretpo.exe
C:\WINDOWS\system32\vqigwque.exe
C:\WINDOWS\system32\vqxitgra.exe
C:\WINDOWS\system32\wgaibwmg.exe
C:\WINDOWS\system32\wggrxxmg.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wkdqaqda.exe
C:\WINDOWS\system32\wvuvutu.dll
C:\WINDOWS\system32\wwmqikbm.ini
C:\WINDOWS\system32\xajbsplr.exe
C:\WINDOWS\system32\xedktrmi.dll
C:\WINDOWS\system32\xgxrbnxf.exe
C:\WINDOWS\system32\xwhrlpaj.exe
C:\WINDOWS\system32\ybzgxep.dat
C:\WINDOWS\system32\ybzgxep.exe
C:\WINDOWS\system32\ybzgxep_nav.dat
C:\WINDOWS\system32\ybzgxep_navps.dat
C:\WINDOWS\system32\ybzgxep_navup.dat
C:\WINDOWS\system32\yheeqlnh.exe
C:\WINDOWS\system32\ylnnuxxe.dll
C:\WINDOWS\system32\ylsfbuok.dll
C:\WINDOWS\system32\yswwsqfv.exe
C:\WINDOWS\system32\Z1
C:\WINDOWS\system32\Z1\vt22011.exe
C:\WINDOWS\TTC-4444.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FOPN
-------\LEGACY_GSJDYNCA
-------\gsjdynca


((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-02 )))))))))))))))))))))))))))))))
.

2007-10-01 18:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 18:15 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-10-01 18:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-10-01 18:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-10-01 18:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-10-01 18:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-10-01 18:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-10-01 10:42 87,104 --a------ C:\WINDOWS\system32\imkhomgb.dll
2007-09-28 10:05 59,392 --a------ C:\WINDOWS\system32\cdosy.dll
2007-09-28 09:47 <DIR> d-------- C:\VundoFix Backups
2007-09-27 13:55 59,392 --a------ C:\WINDOWS\system32\cmprop.dll
2007-09-26 14:53 57,344 --a------ C:\WINDOWS\system32\adsldph.dll
2007-09-26 14:19 57,344 --a------ C:\WINDOWS\system32\bidisp.dll
2007-09-26 14:16 57,344 --a------ C:\WINDOWS\system32\delphim.dll
2007-09-26 13:56 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-26 13:26 <DIR> d-------- C:\Program Files\CCleaner
2007-09-26 13:25 57,344 --a------ C:\WINDOWS\system32\aaaamo.dll
2007-09-26 13:24 105,063 --a------ C:\WINDOWS\system32\DiskI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-01 18:58 3885 --a------ C:\WINDOWS\viassary-hp.reg
2007-10-01 17:41 --------- d-------- C:\Program Files\Morpheus
2007-10-01 15:30 --------- d-------- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2007-10-01 15:26 --------- d-------- C:\Documents and Settings\Owner\Application Data\WeatherBug
2007-09-29 16:06 --------- d-------- C:\Program Files\iTunes
2007-09-29 16:06 --------- d-------- C:\Program Files\iPod
2007-09-28 18:08 --------- d-------- C:\Documents and Settings\Owner\Application Data\Morpheus
2007-09-27 13:49 --------- d-------- C:\Program Files\Common Files\AOL
2007-09-27 11:59 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-09-27 11:41 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-27 11:40 --------- d-------- C:\Program Files\Common Files\muvee Technologies
2007-09-26 13:39 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-14 22:01 --------- d-------- C:\Program Files\GIMP-2.0
2007-09-12 13:23 --------- d-------- C:\Program Files\Apple Software Update
2007-09-12 13:22 --------- d-------- C:\Program Files\QuickTime
2007-09-03 19:47 --------- d-------- C:\Program Files\ArcSoft
2007-08-27 20:19 --------- d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2007-08-24 20:36 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-24 17:10 --------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-08-07 11:00 --------- d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2005-09-19 20:58 36 --a------ C:\Documents and Settings\Owner\Application Data\tvmuknwrd.dll
2005-09-19 18:13 146367 --a------ C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll
2007-06-10 05:49:55 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 14:37]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-10 22:58]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 08:07]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-04-26 14:01]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"SearchIndexer"="C:\WINDOWS\system32\imkhomgb.dll" [2007-10-01 10:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-04-07 15:02]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 19:01]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 20:00]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-19 09:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 09:20:40]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-11-21 20:54:10]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 05:49:48]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-10 23:26:40]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2003-10-10 23:13:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 09:20:40]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-11-21 20:54:10]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 05:49:48]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-10 23:26:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys

*Newly Created Service* - GSJDYNCA
.
Contents of the 'Scheduled Tasks' folder
"2007-09-29 17:17:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2005-10-01 21:01:28 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
- c:\PROGRA~1\NORTON~1\NAVW32.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-01 18:56:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-01 19:01:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-01 19:01
.
--- E O F ---






_________________________________________________________________________


HJT



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04, on 2007-10-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Quicken\bagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\HiJackThis(2).exe
C:\Documents and Settings\Owner\My Documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\imkhomgb.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146064302421
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 9850 bytes

#12 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 02 October 2007 - 05:09 PM

Please do an online scan with Kaspersky WebScanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on Next
Select a target to scan; click on My Computer
The scan will take a while so be patient and let it run.
Once the scan is complete choose the option to Save as Text
Post these results in your next reply.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#13 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 25 October 2007 - 04:08 AM

Due to lack of feedback, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users